/****************************************************************************
 * net/bluetooth/bt_smp.c
 * Security Manager Protocol implementation.
 *
 *   Copyright (C) 2018 Gregory Nutt. All rights reserved.
 *   Author: Gregory Nutt <gnutt@nuttx.org>
 *
 * Ported from the Intel/Zephyr arduino101_firmware_source-v1.tar package
 * where the code was released with a compatible 3-clause BSD license:
 *
 *   Copyright (c) 2016, Intel Corporation
 *   All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 *    this list of conditions and the following disclaimer in the documentation
 *    and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the copyright holder nor the names of its
 *    contributors may be used to endorse or promote products derived from this
 *    software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 ****************************************************************************/

/****************************************************************************
 * Included Files
 ****************************************************************************/

#include <tinyara/config.h>

#include <stddef.h>
#include <errno.h>
#include <string.h>

#include <tinyara/bluetooth/bt_hci.h>
#include <tinyara/bluetooth/bt_core.h>

#include "bt_atomic.h"
#include "bt_hcicore.h"
#include "bt_keys.h"
#include "bt_conn.h"
#include "bt_l2cap.h"
#include "bt_smp.h"

/****************************************************************************
 * Pre-processor Definitions
 ****************************************************************************/

#define RECV_KEYS (BT_SMP_DIST_ID_KEY | BT_SMP_DIST_ENC_KEY)
#define SEND_KEYS (BT_SMP_DIST_ENC_KEY)

#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))

/****************************************************************************
 * Private Types
 ****************************************************************************/

/* SMP channel specific context */

struct bt_smp_s {
	/* The connection this context is associated with */

	FAR struct bt_conn_s *conn;

	/* Commands that remote is allowed to send */

	bt_atomic_t allowed_cmds;

	/* If we're waiting for an encryption change event */

	bool pending_encrypt;

	/* Pairing Request PDU */

	uint8_t preq[7];

	/* Pairing Response PDU */

	uint8_t prsp[7];

	/* Pairing Confirm PDU */

	uint8_t pcnf[16];

	/* Local random number */

	uint8_t prnd[16];

	/* Remote random number */

	uint8_t rrnd[16];

	/* Temporary key */

	uint8_t tk[16];

	/* Local key distribution */

	uint8_t local_dist;

	/* Remote key distribution */

	uint8_t remote_dist;
};

struct uint128_s {
	uint64_t a;
	uint64_t b;
};

struct bt_smphandlers_s {
	CODE uint8_t(*func)(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf);
	uint8_t expect_len;
};

/****************************************************************************
 * Private Function Prototypes
 ****************************************************************************/

#ifdef CONFIG_DEBUG_WIRELESS_INFO
static const char *h(FAR const void *buf, size_t len);
#endif
static void xor_128(FAR const struct uint128_s *p, FAR const struct uint128_s *q, FAR struct uint128_s *r);
static int le_encrypt(const uint8_t key[16], const uint8_t plaintext[16], uint8_t enc_data[16]);
static int le_rand(FAR void *buf, size_t len);
static int smp_ah(FAR const uint8_t irk[16], FAR const uint8_t r[3], FAR uint8_t out[3]);
static int smp_c1(FAR const uint8_t k[16], FAR const uint8_t r[16], FAR const uint8_t preq[7], FAR const uint8_t pres[7], FAR const bt_addr_le_t *ia, FAR const bt_addr_le_t *ra, FAR uint8_t enc_data[16]);
static int smp_s1(const uint8_t k[16], const uint8_t r1[16], const uint8_t r2[16], uint8_t out[16]);
static FAR struct bt_buf_s *bt_smp_create_pdu(FAR struct bt_conn_s *conn, uint8_t op, size_t len);
static void send_err_rsp(FAR struct bt_conn_s *conn, uint8_t reason);
static int smp_init(struct bt_smp_s *smp);
static uint8_t smp_pairing_req(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf);
static uint8_t smp_pairing_rsp(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf);
static uint8_t smp_send_pairing_random(FAR struct bt_conn_s *conn);
static uint8_t smp_pairing_confirm(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf);
static uint8_t smp_pairing_random(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf);
static uint8_t smp_pairing_failed(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf);
static void bt_smp_distribute_keys(FAR struct bt_conn_s *conn);
static uint8_t smp_encrypt_info(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf);
static uint8_t smp_master_ident(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf);
static uint8_t smp_ident_info(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf);
static uint8_t smp_ident_addr_info(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf);
static uint8_t smp_security_request(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf);
static void bt_smp_receive(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf, FAR void *context, uint16_t cid);
static void bt_smp_connected(FAR struct bt_conn_s *conn, FAR void *context, uint16_t cid);
static void bt_smp_disconnected(FAR struct bt_conn_s *conn, FAR void *context, uint16_t cid);
static void bt_smp_encrypt_change(FAR FAR struct bt_conn_s *conn, FAR void *context, uint16_t cid);
#ifdef CONFIG_BLUETOOTH_SMP_SELFTEST
static void swap_buf(FAR const uint8_t *src, FAR uint8_t *dst, uint16_t len);
static void swap_in_place(FAR uint8_t *buf, uint16_t len);
static int cmac_subkey(FAR const uint8_t *key, FAR uint8_t *k1, FAR uint8_t *k2);
static void add_pad(FAR const uint8_t *in, FAR unsigned char *out, int len);
static int bt_smp_aes_cmac(const uint8_t *key, const uint8_t *in, size_t len, uint8_t *out);
static int aes_test(FAR const char *prefix, FAR const uint8_t *key, FAR const uint8_t *m, uint16_t len, FAR const uint8_t *mac);
static int smp_aes_cmac_test(void);
static int smp_self_test(void);
#else
#define      smp_self_test() (0)
#endif

/****************************************************************************
 * Private Data
 ****************************************************************************/

static struct bt_smp_s g_smp_pool[CONFIG_BLUETOOTH_MAX_CONN];
static const struct bt_smphandlers_s g_smp_handlers[] = {
	{
		/* No op-code defined for 0x00 */
	},
	{
		smp_pairing_req,
		sizeof(struct bt_smp_pairing_s)
	},
	{
		smp_pairing_rsp,
		sizeof(struct bt_smp_pairing_s)
	},
	{
		smp_pairing_confirm,
		sizeof(struct bt_smp_pairing_confirm_s)
	},
	{
		smp_pairing_random,
		sizeof(struct bt_smp_pairing_random_s)
	},
	{
		smp_pairing_failed,
		sizeof(struct bt_smp_pairing_fail_s)
	},
	{
		smp_encrypt_info,
		sizeof(struct bt_smp_encrypt_info_s)
	},
	{
		smp_master_ident,
		sizeof(struct bt_smp_master_ident_s)
	},
	{
		smp_ident_info,
		sizeof(struct bt_smp_ident_info_s)
	},
	{
		smp_ident_addr_info,
		sizeof(struct bt_smp_ident_addr_info_s)
	},
	{
		/* Signing Information - Not yet implemented */
	},
	{
		smp_security_request,
		sizeof(struct bt_smp_security_request_s)
	}
};

#define NHANDLERS (sizeof(g_smp_handlers) / sizeof(struct bt_smphandlers_s))

#ifdef CONFIG_BLUETOOTH_SMP_SELFTEST
/* Test vectors are taken from RFC 4493
 * https://tools.ietf.org/html/rfc4493
 * Same mentioned in the Bluetooth Spec.
 */

static const uint8_t g_key[] = {
	0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
	0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
};

static const uint8_t g_M[] = {
	0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
	0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
	0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
	0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
	0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
	0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
	0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
	0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
};

static const uint8_t g_mac1[] = {
	0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
	0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
};

static const uint8_t g_mac2[] = {
	0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
	0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
};

static const uint8_t g_mac3[] = {
	0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
	0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
};

static const uint8_t g_mac4[] = {
	0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
	0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
};
#endif

/****************************************************************************
 * Private Functions
 ****************************************************************************/

/* Helper for syslog parameters to convert from binary to hex.
 * We declare multiple buffers so the helper can be used multiple times
 * in a single syslog call.
 */

static const char *h(FAR const void *buf, size_t len)
{
	static const char hex[] = "0123456789abcdef";
	static char hexbufs[4][129];
	static uint8_t curbuf;
	FAR const uint8_t *b = buf;
	FAR char *str;
	size_t maxlen;
	int i;

	str = hexbufs[curbuf++];
	curbuf %= ARRAY_SIZE(hexbufs);

	maxlen = (sizeof(hexbufs[0]) - 1) / 2;
	if (len > maxlen) {
		len = maxlen;
	}

	for (i = 0; i < len; i++) {
		str[i * 2] = hex[b[i] >> 4];
		str[i * 2 + 1] = hex[b[i] & 0xf];
	}

	str[i * 2] = '\0';
	return str;
}

static void xor_128(FAR const struct uint128_s *p, FAR const struct uint128_s *q, FAR struct uint128_s *r)
{
	r->a = p->a ^ q->a;
	r->b = p->b ^ q->b;
}

static int le_encrypt(const uint8_t key[16], const uint8_t plaintext[16], uint8_t enc_data[16])
{
	FAR struct bt_hci_cp_le_encrypt_s *cp;
	FAR struct bt_hci_rp_le_encrypt_s *rp;
	FAR struct bt_buf_s *buf, *rsp;
	int err;

	nvdbg("key %s plaintext %s\n", h(key, 16), h(plaintext, 16));

	buf = bt_hci_cmd_create(BT_HCI_OP_LE_ENCRYPT, sizeof(*cp));
	if (!buf) {
		return -ENOBUFS;
	}

	cp = bt_buf_extend(buf, sizeof(*cp));
	memcpy(cp->key, key, sizeof(cp->key));
	memcpy(cp->plaintext, plaintext, sizeof(cp->plaintext));

	err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_ENCRYPT, buf, &rsp);
	if (err) {
		return err;
	}

	rp = (void *)rsp->data;
	memcpy(enc_data, rp->enc_data, sizeof(rp->enc_data));
	bt_buf_release(rsp);

	nvdbg("enc_data %s\n", h(enc_data, 16));

	return 0;
}

static int le_rand(FAR void *buf, size_t len)
{
	FAR uint8_t *ptr = buf;

	while (len > 0) {
		FAR struct bt_hci_rp_le_rand_s *rp;
		FAR struct bt_buf_s *rsp;
		size_t copy;
		int err;

		err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_RAND, NULL, &rsp);
		if (err) {
			ndbg("ERROR: HCI_LE_Random failed (%d)\n", err);
			return err;
		}

		rp = (FAR void *)rsp->data;
		copy = len;
		if (copy > sizeof(rp->rand)) {
			copy = sizeof(rp->rand);
		}

		memcpy(ptr, rp->rand, copy);
		bt_buf_release(rsp);

		len -= copy;
		ptr += copy;
	}

	return 0;
}

static int smp_ah(FAR const uint8_t irk[16], FAR const uint8_t r[3], FAR uint8_t out[3])
{
	uint8_t res[16];
	int err;

	nvdbg("irk %s\n, r %s", h(irk, 16), h(r, 3));

	/* r' = padding || r */

	memcpy(res, r, 3);
	memset(res + 3, 0, 13);

	err = le_encrypt(irk, res, res);
	if (err) {
		return err;
	}

	/* The output of the random address function ah is: ah(h, r) = e(k, r') mod
	 * 2^24 The output of the security function e is then truncated to 24 bits by
	 * taking the least significant 24 bits of the output of e as the result of
	 * ah.
	 */

	memcpy(out, res, 3);
	return 0;
}

static int smp_c1(FAR const uint8_t k[16], FAR const uint8_t r[16], FAR const uint8_t preq[7], FAR const uint8_t pres[7], FAR const bt_addr_le_t *ia, FAR const bt_addr_le_t *ra, FAR uint8_t enc_data[16])
{
	uint8_t p1[16];
	uint8_t p2[16];
	int err;

	nvdbg("k %s r %s\n", h(k, 16), h(r, 16));
	nvdbg("ia %s ra %s\n", bt_addr_le_str(ia), bt_addr_le_str(ra));
	nvdbg("preq %s pres %s\n", h(preq, 7), h(pres, 7));

	/* pres, preq, rat and iat are concatenated to generate p1 */

	p1[0] = ia->type;
	p1[1] = ra->type;
	memcpy(p1 + 2, preq, 7);
	memcpy(p1 + 9, pres, 7);

	nvdbg("p1 %s\n", h(p1, 16));

	/* c1 = e(k, e(k, r XOR p1) XOR p2) */

	/* Using enc_data as temporary output buffer */

	xor_128((FAR struct uint128_s *)r, (FAR struct uint128_s *)p1, (FAR struct uint128_s *)enc_data);

	err = le_encrypt(k, enc_data, enc_data);
	if (err) {
		return err;
	}

	/* ra is concatenated with ia and padding to generate p2 */

	memcpy(p2, ra->val, 6);
	memcpy(p2 + 6, ia->val, 6);
	memset(p2 + 12, 0, 4);

	nvdbg("p2 %s\n", h(p2, 16));

	xor_128((FAR struct uint128_s *)enc_data, (FAR struct uint128_s *)p2, (FAR struct uint128_s *)enc_data);
	return le_encrypt(k, enc_data, enc_data);
}

static int smp_s1(const uint8_t k[16], const uint8_t r1[16], const uint8_t r2[16], uint8_t out[16])
{
	/* The most significant 64-bits of r1 are discarded to generate r1' and the
	 * most significant 64-bits of r2 are discarded to generate r2'. r1' is
	 * concatenated with r2' to generate r' which is used as the 128-bit input
	 * parameter plaintextData to security function e: r' = r1' || r2'
	 */

	memcpy(out, r2, 8);
	memcpy(out + 8, r1, 8);

	/* s1(k, r1 , r2) = e(k, r') */

	return le_encrypt(k, out, out);
}

static FAR struct bt_buf_s *bt_smp_create_pdu(FAR struct bt_conn_s *conn, uint8_t op, size_t len)
{
	FAR struct bt_smp_hdr_s *hdr;
	FAR struct bt_buf_s *buf;

	buf = bt_l2cap_create_pdu(conn);
	if (!buf) {
		return NULL;
	}

	hdr = bt_buf_extend(buf, sizeof(*hdr));
	hdr->code = op;

	return buf;
}

static void send_err_rsp(FAR struct bt_conn_s *conn, uint8_t reason)
{
	FAR struct bt_smp_pairing_fail_s *rsp;
	FAR struct bt_buf_s *buf;

	buf = bt_smp_create_pdu(conn, BT_SMP_CMD_PAIRING_FAIL, sizeof(*rsp));
	if (!buf) {
		return;
	}

	rsp = bt_buf_extend(buf, sizeof(*rsp));
	rsp->reason = reason;

	bt_l2cap_send(conn, BT_L2CAP_CID_SMP, buf);
}

static int smp_init(struct bt_smp_s *smp)
{
	/* Initialize SMP context */

	memset(smp, 0, sizeof(*smp));

	/* Generate local random number */

	if (le_rand(smp->prnd, 16)) {
		return BT_SMP_ERR_UNSPECIFIED;
	}

	nvdbg("prnd %s\n", h(smp->prnd, 16));

	return 0;
}

static uint8_t smp_pairing_req(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf)
{
	FAR struct bt_smp_pairing_s *req = (void *)buf->data;
	FAR struct bt_smp_pairing_s *rsp;
	FAR struct bt_buf_s *rsp_buf;
	FAR struct bt_smp_s *smp = conn->smp;
	uint8_t auth;
	int ret;

	nvdbg("\n");

	if ((req->max_key_size > BT_SMP_MAX_ENC_KEY_SIZE) || (req->max_key_size < BT_SMP_MIN_ENC_KEY_SIZE)) {
		return BT_SMP_ERR_ENC_KEY_SIZE;
	}

	ret = smp_init(smp);
	if (ret) {
		return ret;
	}

	rsp_buf = bt_smp_create_pdu(conn, BT_SMP_CMD_PAIRING_RSP, sizeof(*rsp));
	if (!rsp_buf) {
		return BT_SMP_ERR_UNSPECIFIED;
	}

	rsp = bt_buf_extend(rsp_buf, sizeof(*rsp));

	/* For JustWorks pairing simplify rsp parameters. TODO: needs to be reworked
	 * later on.
	 */

	auth = (req->auth_req & BT_SMP_AUTH_MASK);
	auth &= ~(BT_SMP_AUTH_MITM | BT_SMP_AUTH_SC | BT_SMP_AUTH_KEYPRESS);
	rsp->auth_req = auth;
	rsp->io_capability = BT_SMP_IO_NO_INPUT_OUTPUT;
	rsp->oob_flag = BT_SMP_OOB_NOT_PRESENT;
	rsp->max_key_size = req->max_key_size;
	rsp->init_key_dist = (req->init_key_dist & RECV_KEYS);
	rsp->resp_key_dist = (req->resp_key_dist & SEND_KEYS);

	smp->local_dist = rsp->resp_key_dist;
	smp->remote_dist = rsp->init_key_dist;

	memset(smp->tk, 0, sizeof(smp->tk));

	/* Store req/rsp for later use */

	smp->preq[0] = BT_SMP_CMD_PAIRING_REQ;
	memcpy(smp->preq + 1, req, sizeof(*req));
	smp->prsp[0] = BT_SMP_CMD_PAIRING_RSP;
	memcpy(smp->prsp + 1, rsp, sizeof(*rsp));

	bt_l2cap_send(conn, BT_L2CAP_CID_SMP, rsp_buf);

	bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
	return 0;
}

static uint8_t smp_send_pairing_confirm(FAR struct bt_conn_s *conn)
{
	FAR struct bt_smp_pairing_confirm_s *req;
	FAR struct bt_smp_s *smp = conn->smp;
	FAR const bt_addr_le_t *ra;
	FAR const bt_addr_le_t *ia;
	FAR struct bt_buf_s *rsp_buf;
	int err;

	rsp_buf = bt_smp_create_pdu(conn, BT_SMP_CMD_PAIRING_CONFIRM, sizeof(*req));
	if (!rsp_buf) {
		return BT_SMP_ERR_UNSPECIFIED;
	}

	req = bt_buf_extend(rsp_buf, sizeof(*req));

	if (conn->role == BT_HCI_ROLE_MASTER) {
		ra = &conn->dst;
		ia = &conn->src;
	} else {
		ra = &conn->src;
		ia = &conn->dst;
	}

	err = smp_c1(smp->tk, smp->prnd, smp->preq, smp->prsp, ia, ra, req->val);
	if (err) {
		bt_buf_release(rsp_buf);
		return BT_SMP_ERR_UNSPECIFIED;
	}

	bt_l2cap_send(conn, BT_L2CAP_CID_SMP, rsp_buf);

	return 0;
}

static uint8_t smp_pairing_rsp(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf)
{
	struct bt_smp_pairing_s *rsp = (void *)buf->data;
	struct bt_smp_s *smp = conn->smp;

	nvdbg("\n");

	if ((rsp->max_key_size > BT_SMP_MAX_ENC_KEY_SIZE) || (rsp->max_key_size < BT_SMP_MIN_ENC_KEY_SIZE)) {
		return BT_SMP_ERR_ENC_KEY_SIZE;
	}

	smp->local_dist &= rsp->init_key_dist;
	smp->remote_dist &= rsp->resp_key_dist;

	/* Store rsp for later use */
	smp->prsp[0] = BT_SMP_CMD_PAIRING_RSP;
	memcpy(smp->prsp + 1, rsp, sizeof(*rsp));

	bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);

	return smp_send_pairing_confirm(conn);
}

static uint8_t smp_send_pairing_random(FAR struct bt_conn_s *conn)
{
	FAR struct bt_smp_pairing_random_s *req;
	FAR struct bt_buf_s *rsp_buf;
	FAR struct bt_smp_s *smp = conn->smp;

	rsp_buf = bt_smp_create_pdu(conn, BT_SMP_CMD_PAIRING_RANDOM, sizeof(*req));
	if (!rsp_buf) {
		return BT_SMP_ERR_UNSPECIFIED;
	}

	req = bt_buf_extend(rsp_buf, sizeof(*req));
	memcpy(req->val, smp->prnd, sizeof(req->val));

	bt_l2cap_send(conn, BT_L2CAP_CID_SMP, rsp_buf);

	return 0;
}

static uint8_t smp_pairing_confirm(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf)
{
	struct bt_smp_pairing_confirm_s *req = (void *)buf->data;
	struct bt_smp_s *smp = conn->smp;

	nvdbg("\n");

	memcpy(smp->pcnf, req->val, sizeof(smp->pcnf));

	bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);

	if (conn->role == BT_HCI_ROLE_SLAVE) {
		return smp_send_pairing_confirm(conn);
	}

	return smp_send_pairing_random(conn);
}

static uint8_t smp_pairing_random(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf)
{
	FAR struct bt_smp_pairing_random_s *req = (void *)buf->data;
	FAR const bt_addr_le_t *ra;
	FAR const bt_addr_le_t *ia;
	FAR struct bt_smp_s *smp = conn->smp;
	FAR struct bt_keys_s *keys;
	uint8_t cfm[16];
	int err;

	nvdbg("\n");

	memcpy(smp->rrnd, req->val, sizeof(smp->rrnd));

	if (conn->role == BT_HCI_ROLE_MASTER) {
		ra = &conn->dst;
		ia = &conn->src;
	} else {
		ra = &conn->src;
		ia = &conn->dst;
	}

	err = smp_c1(smp->tk, smp->rrnd, smp->preq, smp->prsp, ia, ra, cfm);
	if (err) {
		return BT_SMP_ERR_UNSPECIFIED;
	}

	nvdbg("pcnf %s cfm %s\n", h(smp->pcnf, 16), h(cfm, 16));

	if (memcmp(smp->pcnf, cfm, sizeof(smp->pcnf))) {
		return BT_SMP_ERR_CONFIRM_FAILED;
	}

	if (conn->role == BT_HCI_ROLE_MASTER) {
		uint8_t stk[16];

		/* No need to store master STK */
		err = smp_s1(smp->tk, smp->rrnd, smp->prnd, stk);
		if (err) {
			return BT_SMP_ERR_UNSPECIFIED;
		}

		/* Rand and EDiv are 0 for the STK */
		if (bt_conn_le_start_encryption(conn, 0, 0, stk)) {
			ndbg("ERROR: Failed to start encryption\n");
			return BT_SMP_ERR_UNSPECIFIED;
		}

		smp->pending_encrypt = true;

		return 0;
	}

	keys = bt_keys_get_type(BT_KEYS_SLAVE_LTK, &conn->dst);
	if (keys == NULL) {
		ndbg("ERROR: Unable to create new keys\n");
		return BT_SMP_ERR_UNSPECIFIED;
	}

	err = smp_s1(smp->tk, smp->prnd, smp->rrnd, keys->slave_ltk.val);
	if (err) {
		bt_keys_clear(keys, BT_KEYS_SLAVE_LTK);
		return BT_SMP_ERR_UNSPECIFIED;
	}

	/* Rand and EDiv are 0 for the STK */
	keys->slave_ltk.rand = 0;
	keys->slave_ltk.ediv = 0;

	nvdbg("generated STK %s\n", h(keys->slave_ltk.val, 16));

	smp->pending_encrypt = true;

	smp_send_pairing_random(conn);

	return 0;
}

static uint8_t smp_pairing_failed(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf)
{
	struct bt_smp_pairing_fail_s *req = (void *)buf->data;
	struct bt_smp_s *smp = conn->smp;

	ndbg("ERROR: reason 0x%x\n", req->reason);
	UNUSED(req);

	bt_atomic_set(&smp->allowed_cmds, 0);
	bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL);

	if (conn->role == BT_HCI_ROLE_MASTER) {
		bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
	} else {
		bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);
	}

	/* return no error to avoid sending Pairing Failed in response */
	return 0;
}

static void bt_smp_distribute_keys(FAR struct bt_conn_s *conn)
{
	FAR struct bt_smp_s *smp = conn->smp;
	FAR struct bt_keys_s *keys;
	FAR struct bt_buf_s *buf;

	keys = bt_keys_get_addr(&conn->dst);
	if (!keys) {
		ndbg("ERROR: Unable to look up keys for %s\n", bt_addr_le_str(&conn->dst));
		return;
	}

	if (!smp->local_dist) {
		bt_keys_clear(keys, BT_KEYS_ALL);
		return;
	}

	if (smp->local_dist & BT_SMP_DIST_ENC_KEY) {
		struct bt_smp_encrypt_info_s *info;
		struct bt_smp_master_ident_s *ident;

		bt_keys_add_type(keys, BT_KEYS_SLAVE_LTK);

		le_rand(keys->slave_ltk.val, sizeof(keys->slave_ltk.val));
		le_rand(&keys->slave_ltk.rand, sizeof(keys->slave_ltk.rand));
		le_rand(&keys->slave_ltk.ediv, sizeof(keys->slave_ltk.ediv));

		buf = bt_smp_create_pdu(conn, BT_SMP_CMD_ENCRYPT_INFO, sizeof(struct bt_smp_encrypt_info_s));
		if (!buf) {
			ndbg("ERROR: Unable to allocate Encrypt Info buffer\n");
			return;
		}

		info = bt_buf_extend(buf, sizeof(struct bt_smp_encrypt_info_s));
		memcpy(info->ltk, keys->slave_ltk.val, sizeof(info->ltk));

		bt_l2cap_send(conn, BT_L2CAP_CID_SMP, buf);

		buf = bt_smp_create_pdu(conn, BT_SMP_CMD_MASTER_IDENT, sizeof(struct bt_smp_master_ident_s));
		if (!buf) {
			ndbg("ERROR: Unable to allocate Master Ident buffer\n");
			return;
		}

		ident = bt_buf_extend(buf, sizeof(struct bt_smp_master_ident_s));
		ident->rand = keys->slave_ltk.rand;
		ident->ediv = keys->slave_ltk.ediv;

		bt_l2cap_send(conn, BT_L2CAP_CID_SMP, buf);
	}
}

static uint8_t smp_encrypt_info(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf)
{
	FAR struct bt_smp_encrypt_info_s *req = (void *)buf->data;
	FAR struct bt_smp_s *smp = conn->smp;
	FAR struct bt_keys_s *keys;

	nvdbg("\n");

	keys = bt_keys_get_type(BT_KEYS_LTK, &conn->dst);
	if (!keys) {
		ndbg("ERROR: Unable to get keys for %s\n", bt_addr_le_str(&conn->dst));
		return BT_SMP_ERR_UNSPECIFIED;
	}

	memcpy(keys->ltk.val, req->ltk, 16);

	bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_MASTER_IDENT);

	return 0;
}

static uint8_t smp_master_ident(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf)
{
	FAR struct bt_smp_master_ident_s *req = (void *)buf->data;
	FAR struct bt_smp_s *smp = conn->smp;
	FAR struct bt_keys_s *keys;

	nvdbg("\n");

	keys = bt_keys_get_type(BT_KEYS_LTK, &conn->dst);
	if (!keys) {
		ndbg("ERROR: Unable to get keys for %s\n", bt_addr_le_str(&conn->dst));
		return BT_SMP_ERR_UNSPECIFIED;
	}

	keys->ltk.ediv = req->ediv;
	keys->ltk.rand = req->rand;

	if (conn->role == BT_HCI_ROLE_MASTER) {
		smp->remote_dist &= ~BT_SMP_DIST_ENC_KEY;
		if (!smp->remote_dist) {
			bt_smp_distribute_keys(conn);

			return 0;
		}
	}

	if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
		bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
	}

	return 0;
}

static uint8_t smp_ident_info(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf)
{
	FAR struct bt_smp_ident_info_s *req = (FAR void *)buf->data;
	FAR struct bt_smp_s *smp = conn->smp;
	FAR struct bt_keys_s *keys;

	nvdbg("\n");

	keys = bt_keys_get_type(BT_KEYS_IRK, &conn->dst);
	if (!keys) {
		ndbg("ERROR: Unable to get keys for %s\n", bt_addr_le_str(&conn->dst));
		return BT_SMP_ERR_UNSPECIFIED;
	}

	memcpy(keys->irk.val, req->irk, 16);

	bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_IDENT_ADDR_INFO);

	return 0;
}

static uint8_t smp_ident_addr_info(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf)
{
	FAR struct bt_smp_ident_addr_info_s *req = (void *)buf->data;
	FAR struct bt_smp_s *smp = conn->smp;
	FAR struct bt_keys_s *keys;

	nvdbg("identity %s\n", bt_addr_le_str(&req->addr));

	if (!bt_addr_le_is_identity(&req->addr)) {
		ndbg("ERROR: Invalid identity %s for %s\n", bt_addr_le_str(&req->addr), bt_addr_le_str(&conn->dst));
		return BT_SMP_ERR_INVALID_PARAMS;
	}

	keys = bt_keys_get_type(BT_KEYS_IRK, &conn->dst);
	if (!keys) {
		ndbg("ERROR: Unable to get keys for %s\n", bt_addr_le_str(&conn->dst));
		return BT_SMP_ERR_UNSPECIFIED;
	}

	if (bt_addr_le_is_rpa(&conn->dst)) {
		bt_addr_copy(&keys->irk.rpa, (bt_addr_t *)&conn->dst.val);
		bt_addr_le_copy(&keys->addr, &req->addr);
		bt_addr_le_copy(&conn->dst, &req->addr);
	}

	if (conn->role == BT_HCI_ROLE_MASTER) {
		smp->remote_dist &= ~BT_SMP_DIST_ID_KEY;
		if (!smp->remote_dist) {
			bt_smp_distribute_keys(conn);
		}
	}

	return 0;
}

static uint8_t smp_security_request(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf)
{
	FAR struct bt_smp_security_request_s *req = (FAR void *)buf->data;
	FAR struct bt_keys_s *keys;
	uint8_t auth;

	nvdbg("\n");

	keys = bt_keys_find(BT_KEYS_LTK, &conn->dst);
	if (!keys) {
		goto pair;
	}

	auth = req->auth_req & BT_SMP_AUTH_MASK;
	if (auth & (BT_SMP_AUTH_MITM | BT_SMP_AUTH_SC)) {
		nwdbg("Unsupported auth requirements: 0x%x, repairing", auth);
		goto pair;
	}

	if (bt_conn_le_start_encryption(conn, keys->ltk.rand, keys->ltk.ediv, keys->ltk.val) < 0) {
		return BT_SMP_ERR_UNSPECIFIED;
	}

	return 0;
pair:
	if (bt_smp_send_pairing_req(conn) < 0) {
		return BT_SMP_ERR_UNSPECIFIED;
	}

	return 0;
}

static void bt_smp_receive(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf, FAR void *context, uint16_t cid)
{
	FAR struct bt_smp_hdr_s *hdr = (FAR void *)buf->data;
	FAR struct bt_smp_s *smp = conn->smp;
	uint8_t err;

	if (buf->len < sizeof(*hdr)) {
		ndbg("ERROR: Too small SMP PDU received\n");
		goto done;
	}

	nvdbg("Received SMP code 0x%02x len %u\n", hdr->code, buf->len);

	bt_buf_consume(buf, sizeof(*hdr));

	if (hdr->code >= NHANDLERS || !g_smp_handlers[hdr->code].func) {
		nwdbg("Unhandled SMP code 0x%02x\n", hdr->code);
		err = BT_SMP_ERR_CMD_NOTSUPP;
	} else {
		if (!bt_atomic_testclrbit(&smp->allowed_cmds, hdr->code)) {
			nwdbg("Unexpected SMP code 0x%02x\n", hdr->code);
			goto done;
		}

		if (buf->len != g_smp_handlers[hdr->code].expect_len) {
			ndbg("ERROR: Invalid len %u for code 0x%02x\n", buf->len, hdr->code);
			err = BT_SMP_ERR_INVALID_PARAMS;
		} else {
			err = g_smp_handlers[hdr->code].func(conn, buf);
		}
	}

	if (err) {
		send_err_rsp(conn, err);

		bt_atomic_set(&smp->allowed_cmds, 0);

		if (conn->role == BT_HCI_ROLE_MASTER) {
			bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
		} else {
			bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);
		}
	}

done:
	bt_buf_release(buf);
}

static void bt_smp_connected(FAR struct bt_conn_s *conn, FAR void *context, uint16_t cid)
{
	int i;

	nvdbg("conn %p handle %u\n", conn, conn->handle);

	for (i = 0; i < CONFIG_BLUETOOTH_MAX_CONN; i++) {
		struct bt_smp_s *smp = &g_smp_pool[i];

		if (smp->conn) {
			continue;
		}

		smp->conn = conn;
		conn->smp = smp;

		bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL);

		if (conn->role == BT_HCI_ROLE_MASTER) {
			bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
		} else {
			bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);
		}

		return;
	}

	ndbg("ERROR: No available SMP context for conn %p\n", conn);
}

static void bt_smp_disconnected(FAR struct bt_conn_s *conn, FAR void *context, uint16_t cid)
{
	struct bt_smp_s *smp = conn->smp;

	if (!smp) {
		return;
	}

	nvdbg("conn %p handle %u\n", conn, conn->handle);

	conn->smp = NULL;
	memset(smp, 0, sizeof(*smp));
}

static void bt_smp_encrypt_change(FAR FAR struct bt_conn_s *conn, FAR void *context, uint16_t cid)
{
	struct bt_smp_s *smp = conn->smp;

	nvdbg("conn %p handle %u encrypt 0x%02x\n", conn, conn->handle, conn->encrypt);

	if (!smp || !conn->encrypt) {
		return;
	}

	if (!smp->pending_encrypt) {
		return;
	}

	smp->pending_encrypt = false;

	if (smp->remote_dist & BT_SMP_DIST_ENC_KEY) {
		bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_ENCRYPT_INFO);
	} else if (smp->remote_dist & BT_SMP_DIST_ID_KEY) {
		bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
	}

	/* Slave distributes it's keys first */

	if (conn->role == BT_HCI_ROLE_MASTER && smp->remote_dist) {
		return;
	}

	bt_smp_distribute_keys(conn);
}

#if defined(CONFIG_BLUETOOTH_SMP_SELFTEST)
/* spaw octets for LE encrypt */

static void swap_buf(FAR const uint8_t *src, FAR uint8_t *dst, uint16_t len)
{
	int i;

	for (i = 0; i < len; i++) {
		dst[len - 1 - i] = src[i];
	}
}

static void swap_in_place(FAR uint8_t *buf, uint16_t len)
{
	int i;
	int j;

	for (i = 0, j = len - 1; i < j; i++, j--) {
		uint8_t tmp = buf[i];

		buf[i] = buf[j];
		buf[j] = tmp;
	}
}

/* 1 bit left shift */

static void array_shift(FAR const uint8_t *in, FAR uint8_t *out)
{
	uint8_t overflow = 0;

	for (int i = 15; i >= 0; i--) {
		out[i] = in[i] << 1;
		/* previous byte */
		out[i] |= overflow;
		overflow = in[i] & 0x80 ? 1 : 0;
	}
}

/* CMAC subkey generation algorithm */

static int cmac_subkey(FAR const uint8_t *key, FAR uint8_t *k1, FAR uint8_t *k2)
{
	const uint8_t rb[16] = {
		[0 ... 14] = 0x00,
		[15] = 0x87,
	};
	uint8_t zero[16] = { 0 };
	uint8_t *tmp = zero;
	uint8_t l[16];
	int err;

	/* L := AES-128(K, const_Zero) */
	err = le_encrypt(key, zero, tmp);
	if (err) {
		return err;
	}

	swap_buf(tmp, l, 16);

	nvdbg("l %s\n", h(l, 16));

	/* if MSB(L) == 0 K1 = L << 1 */
	if (!(l[0] & 0x80)) {
		array_shift(l, k1);
		/* else K1 = (L << 1) XOR rb */
	} else {
		array_shift(l, k1);
		xor_128((FAR struct uint128_s *)k1, (FAR struct uint128_s *)rb, (FAR struct uint128_s *)k1);
	}

	/* if MSB(K1) == 0 K2 = K1 << 1 */
	if (!(k1[0] & 0x80)) {
		array_shift(k1, k2);
		/* else K2 = (K1 << 1) XOR rb */
	} else {
		array_shift(k1, k2);
		xor_128((FAR struct uint128_s *)k2, (struct uint128_s * FAR)rb, (FAR struct uint128_s *)k2);
	}

	return 0;
}

/* padding(x) = x || 10^i      where i is 128 - 8 * r - 1 */

static void add_pad(FAR const uint8_t *in, FAR unsigned char *out, int len)
{
	memset(out, 0, 16);
	memcpy(out, in, len);
	out[len] = 0x80;
}

/* Cypher based Message Authentication Code (CMAC) with AES 128 bit
 *
 * Input    : key    ( 128-bit key )
 *          : in     ( message to be authenticated )
 *          : len    ( length of the message in octets )
 * Output   : out    ( message authentication code )
 */

static int bt_smp_aes_cmac(FAR const uint8_t *key, FAR const uint8_t *in, size_t len, FAR uint8_t *out)
{
	uint8_t k1[16];
	uint8_t k2[16];
	uint8_t last_block[16];
	FAR uint8_t *pad_block = last_block;
	uint8_t key_s[16];
	FAR uint8_t *x;
	FAR uint8_t *y;
	uint8_t flag;
	uint8_t n;
	int err;

	swap_buf(key, key_s, 16);

	/* (K1,K2) = Generate_Subkey(K) */
	err = cmac_subkey(key_s, k1, k2);
	if (err) {
		return err;
	}

	nvdbg("key %s subkeys k1 %s k2 %s\n", h(key, 16), h(k1, 16), h(k2, 16));

	/* the number of blocks, n, is calculated, the block length is 16 bytes n =
	 * ceil(len/const_Bsize)
	 */

	n = (len + 15) / 16;

	/* check input length, flag indicate completed blocks */

	if (n == 0) {
		/* if length is 0, the number of blocks to be processed shall be 1,and
		 * the flag shall be marked as not-complete-block false.
		 */

		n = 1;
		flag = 0;
	} else {
		if ((len % 16) == 0) {
			/* complete blocks */
			flag = 1;
		} else {
			/* last block is not complete */
			flag = 0;
		}
	}

	nvdbg("len %u n %u flag %u\n", len, n, flag);

	/* if flag is true then M_last = M_n XOR K1 */
	if (flag) {
		xor_128((FAR struct uint128_s *)&in[16 * (n - 1)], (FAR struct uint128_s *)k1, (FAR struct uint128_s *)last_block);

		/* else M_last = padding(M_n) XOR K2 */
	} else {
		add_pad(&in[16 * (n - 1)], pad_block, len % 16);
		xor_128((FAR struct uint128_s *)pad_block, (FAR struct uint128_s *)k2, (FAR struct uint128_s *)last_block);
	}

	/* Reuse k1 and k2 buffers */
	x = k1;
	y = k2;

	/* Zeroing x */
	memset(x, 0, 16);

	/* Rhe basic CBC-MAC is applied to M_1,...,M_{n-1},M_last */

	for (int i = 0; i < n - 1; i++) {
		/* Y = X XOR M_i */

		xor_128((FAR struct uint128_s *)x, (FAR struct uint128_s *)&in[i * 16], (FAR struct uint128_s *)y);

		swap_in_place(y, 16);

		/* X = AES-128(K,Y) */

		err = le_encrypt(key_s, y, x);
		if (err) {
			return err;
		}

		swap_in_place(x, 16);
	}

	/* Y = M_last XOR X */

	xor_128((FAR struct uint128_s *)x, (FAR struct uint128_s *)last_block, (FAR struct uint128_s *)y);

	swap_in_place(y, 16);

	/* T = AES-128(K,Y) */

	err = le_encrypt(key_s, y, out);

	swap_in_place(out, 16);

	return err;
}

static int aes_test(const char *prefix, const uint8_t *key, const uint8_t *m, uint16_t len, const uint8_t *mac)
{
	uint8_t out[16];

	nvdbg("%s: AES CMAC of message with len %u\n", prefix, len);

	bt_smp_aes_cmac(key, m, len, out);
	if (!memcmp(out, mac, 16)) {
		nvdbg("%s: Success\n", prefix);
	} else {
		ndbg("ERROR: %s: Failed\n", prefix);
		return -1;
	}

	return 0;
}

static int smp_aes_cmac_test(void)
{
	int err;

	err = aes_test("Test aes-cmac0", g_key, g_M, 0, g_mac1);
	if (err) {
		return err;
	}

	err = aes_test("Test aes-cmac16", g_key, g_M, 16, g_mac2);
	if (err) {
		return err;
	}

	err = aes_test("Test aes-cmac40", g_key, g_M, 40, g_mac3);
	if (err) {
		return err;
	}

	err = aes_test("Test aes-cmac64", g_key, g_M, 64, g_mac4);
	if (err) {
		return err;
	}

	return 0;
}

static int smp_self_test(void)
{
	int err;

	err = smp_aes_cmac_test();
	if (err) {
		ndbg("ERROR: SMP AES-CMAC self tests failed\n");
		return err;
	}

	return 0;
}
#endif

/****************************************************************************
 * Public Functions
 ****************************************************************************/

int bt_smp_initialize(void)
{
	static struct bt_l2cap_chan_s chan = {
		.cid = BT_L2CAP_CID_SMP,
		.receive = bt_smp_receive,
		.connected = bt_smp_connected,
		.disconnected = bt_smp_disconnected,
		.encrypt_change = bt_smp_encrypt_change,
	};

	bt_l2cap_chan_register(&chan);

	return smp_self_test();
}

int bt_smp_send_security_req(FAR struct bt_conn_s *conn)
{
	struct bt_smp_security_request_s *req;
	FAR struct bt_buf_s *req_buf;

	nvdbg("\n");

	req_buf = bt_smp_create_pdu(conn, BT_SMP_CMD_SECURITY_REQUEST, sizeof(struct bt_smp_security_request_s));
	if (!req_buf) {
		return -ENOBUFS;
	}

	req = bt_buf_extend(req_buf, sizeof(struct bt_smp_security_request_s));
	req->auth_req = BT_SMP_AUTH_BONDING;
	bt_l2cap_send(conn, BT_L2CAP_CID_SMP, req_buf);

	return 0;
}

int bt_smp_send_pairing_req(FAR struct bt_conn_s *conn)
{
	FAR struct bt_smp_s *smp = conn->smp;
	FAR struct bt_smp_pairing_s *req;
	FAR struct bt_buf_s *req_buf;

	nvdbg("\n");

	if (smp_init(smp)) {
		return -ENOBUFS;
	}

	req_buf = bt_smp_create_pdu(conn, BT_SMP_CMD_PAIRING_REQ, sizeof(*req));
	if (!req_buf) {
		return -ENOBUFS;
	}

	req = bt_buf_extend(req_buf, sizeof(*req));

	/* For JustWorks pairing simplify req parameters. TODO: needs to be reworked
	 * later on
	 */

	req->auth_req = BT_SMP_AUTH_BONDING;
	req->io_capability = BT_SMP_IO_NO_INPUT_OUTPUT;
	req->oob_flag = BT_SMP_OOB_NOT_PRESENT;
	req->max_key_size = BT_SMP_MAX_ENC_KEY_SIZE;
	req->init_key_dist = SEND_KEYS;
	req->resp_key_dist = RECV_KEYS;

	smp->local_dist = SEND_KEYS;
	smp->remote_dist = RECV_KEYS;

	memset(smp->tk, 0, sizeof(smp->tk));

	/* Store req for later use */
	smp->preq[0] = BT_SMP_CMD_PAIRING_REQ;

	memcpy(smp->preq + 1, req, sizeof(*req));

	bt_l2cap_send(conn, BT_L2CAP_CID_SMP, req_buf);

	bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_RSP);
	return 0;
}

bool bt_smp_irk_matches(FAR const uint8_t irk[16], FAR const bt_addr_t *addr)
{
	uint8_t hash[3];
	int err;

	nvdbg("IRK %s bdaddr %s", h(irk, 16), bt_addr_str(addr));

	err = smp_ah(irk, addr->val + 3, hash);
	if (err) {
		return false;
	}

	return !memcmp(addr->val, hash, 3);
}
